Diffstat (limited to 'doc/user/application_security/dast')
8 files changed, 30 insertions, 17 deletions
diff --git a/doc/user/application_security/dast/authentication.md b/doc/user/application_security/dast/authentication.md index 1a68abd01f6..b13b41e4a37 100644 --- a/doc/user/application_security/dast/authentication.md +++ b/doc/user/application_security/dast/authentication.md @@ -5,7 +5,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w type: reference, howto --- -# DAST authentication **(ULTIMATE)** +# DAST authentication **(ULTIMATE ALL)** WARNING: **DO NOT** use credentials that are valid for production systems, production servers, or any that diff --git a/doc/user/application_security/dast/browser_based.md b/doc/user/application_security/dast/browser_based.md index 0338555598c..26782c319b1 100644 --- a/doc/user/application_security/dast/browser_based.md +++ b/doc/user/application_security/dast/browser_based.md @@ -5,7 +5,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w type: reference, howto --- -# DAST browser-based analyzer **(ULTIMATE)** +# DAST browser-based analyzer **(ULTIMATE ALL)** > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/323423) in GitLab 13.12 as a Beta feature. > - [Generally available](https://gitlab.com/groups/gitlab-org/-/epics/9023) in GitLab 15.7 (GitLab DAST v3.0.50). diff --git a/doc/user/application_security/dast/browser_based_troubleshooting.md b/doc/user/application_security/dast/browser_based_troubleshooting.md index f659001e7c5..446cd0aaa92 100644 --- a/doc/user/application_security/dast/browser_based_troubleshooting.md +++ b/doc/user/application_security/dast/browser_based_troubleshooting.md 
@@ -5,7 +5,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w type: reference, howto --- -# Troubleshooting DAST browser-based analyzer **(ULTIMATE)** +# Troubleshooting DAST browser-based analyzer **(ULTIMATE ALL)** The following troubleshooting scenarios have been collected from customer support cases. If you experience a problem not addressed here, or the information here does not fix your problem, create a diff --git a/doc/user/application_security/dast/checks/index.md b/doc/user/application_security/dast/checks/index.md index bafe426ca43..1b3ce45dc43 100644 --- a/doc/user/application_security/dast/checks/index.md +++ b/doc/user/application_security/dast/checks/index.md @@ -4,7 +4,7 @@ group: Dynamic Analysis info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- -# DAST browser-based crawler vulnerability checks **(ULTIMATE)** +# DAST browser-based crawler vulnerability checks **(ULTIMATE ALL)** The [DAST browser-based crawler](../browser_based.md) provides a number of vulnerability checks that are used to scan for vulnerabilities in the site under test. diff --git a/doc/user/application_security/dast/dast_troubleshooting.md b/doc/user/application_security/dast/dast_troubleshooting.md index c2e7f153e02..08f819e020c 100644 --- a/doc/user/application_security/dast/dast_troubleshooting.md +++ b/doc/user/application_security/dast/dast_troubleshooting.md @@ -5,7 +5,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w type: reference, howto --- -# Troubleshooting DAST proxy-based analyzer **(ULTIMATE)** +# Troubleshooting DAST proxy-based analyzer **(ULTIMATE ALL)** The following troubleshooting scenarios have been collected from customer support cases. If you experience a problem not addressed here, or the information here does not fix your problem, create a 
diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md index 1f4506a22e5..24aadd14dd1 100644 --- a/doc/user/application_security/dast/index.md +++ b/doc/user/application_security/dast/index.md @@ -5,7 +5,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w type: reference, howto --- -# Dynamic Application Security Testing (DAST) **(ULTIMATE)** +# Dynamic Application Security Testing (DAST) **(ULTIMATE ALL)** If you deploy your web application into a new environment, your application may become exposed to new types of attacks. For example, misconfigurations of your diff --git a/doc/user/application_security/dast/proxy-based.md b/doc/user/application_security/dast/proxy-based.md index 0eec04bfeff..3052fd3a72d 100644 --- a/doc/user/application_security/dast/proxy-based.md +++ b/doc/user/application_security/dast/proxy-based.md @@ -5,7 +5,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w type: reference, howto --- -# DAST proxy-based analyzer **(ULTIMATE)** +# DAST proxy-based analyzer **(ULTIMATE ALL)** The DAST proxy-based analyzer can be added to your [GitLab CI/CD](../../../ci/index.md) pipeline. This helps you discover vulnerabilities in web applications that do not use JavaScript heavily. For applications that do, 
@@ -461,7 +461,11 @@ The DAST job does not require the project's repository to be present when runnin ## On-demand scans -> Auditing for DAST profile management [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/217872) in GitLab 14.1. +> - Auditing for DAST profile management [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/217872) in GitLab 14.1. +> - Scheduled on-demand DAST scans [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/328749) in GitLab 14.3 [with a flag](../../../administration/feature_flags.md) named `dast_on_demand_scans_scheduler`. Disabled by default. +> - Scheduled on-demand DAST scans [generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/328749) in GitLab 14.5. Feature flag `dast_on_demand_scans_scheduler` removed. +> - Runner tags selection [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/345430) in GitLab 15.9 [with a flag](../../../administration/feature_flags.md) named `on_demand_scans_runner_tags. Disabled by default. +> - Runner tags selection [enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/111499) in GitLab 16.3. An on-demand DAST scan runs outside the DevOps life cycle. Changes in your repository don't trigger the scan. You must either start it manually, or schedule it to run. For on-demand DAST scans, @@ -501,7 +505,7 @@ To run an existing on-demand scan: 1. In the scan's row, select **Run scan**. If the branch saved in the scan no longer exists, you must: - + 1. [Edit the scan](#edit-an-on-demand-scan). 1. Select a new branch. 1. Save the edited scan. 
@@ -510,28 +514,26 @@ The on-demand DAST scan runs, and the project's dashboard shows the results. #### Create an on-demand scan -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/328749) in GitLab 14.3. [Deployed behind the `dast_on_demand_scans_scheduler` flag](../../../administration/feature_flags.md), disabled by default. -> - [Enabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/328749) in GitLab 14.4. -> - [Enabled on self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/328749) in GitLab 14.4. -> - [Feature flag `dast_on_demand_scans_scheduler` removed](https://gitlab.com/gitlab-org/gitlab/-/issues/328749) in GitLab 14.5. - -After you create an on-demand scan, you can: +Create an on-demand scan to: - Run it immediately. - Save it to be run in the future. - Schedule it to be run at a specified schedule. +To create an on-demand DAST scan: + 1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your project or group. 1. Select **Secure > On-demand scans**. 1. Select **New scan**. 1. Complete the **Scan name** and **Description** fields. 1. In the **Branch** dropdown list, select the desired branch. +1. Optional. Select the runner tags. 1. Select **Select scanner profile** or **Change scanner profile** to open the drawer, and either: - Select a scanner profile from the drawer, **or** - Select **New profile**, create a [scanner profile](#scanner-profile), then select **Save profile**. 1. Select **Select site profile** or **Change site profile** to open the drawer, and either: - Select a site profile from the **Site profile library** drawer, or - - Select **New profile** create a [site profile](#site-profile), then select **Save profile**. + - Select **New profile**, create a [site profile](#site-profile), then select **Save profile**. 1. To run the on-demand scan: - Immediately, select **Save and run scan**. 
@@ -675,6 +677,11 @@ To delete a site profile: Validating a site is required to run an active scan. +Prerequisites: + +- A runner must be available in the project to run a validation job. +- The GitLab server's certificate must be trusted and must not use a self-signed certificate. + To validate a site profile: 1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your project. @@ -857,3 +864,9 @@ For details of the report's schema, see the [schema for DAST reports](https://gi WARNING: The JSON report artifacts are not a public API of DAST and their format is expected to change in the future. + +## Troubleshooting + +### `unable to get local issuer certificate` when trying to validate a site profile + +The use of self-signed certificates is not supported and may cause the job to fail with an error message: `unable to get local issuer certificate`. For more information, see [issue 416670](https://gitlab.com/gitlab-org/gitlab/-/issues/416670). diff --git a/doc/user/application_security/dast/run_dast_offline.md b/doc/user/application_security/dast/run_dast_offline.md index a75e5832b7c..0101749be71 100644 --- a/doc/user/application_security/dast/run_dast_offline.md +++ b/doc/user/application_security/dast/run_dast_offline.md @@ -5,7 +5,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w type: reference, howto --- -# Run DAST in an offline environment **(ULTIMATE)** +# Run DAST in an offline environment **(ULTIMATE ALL)** For self-managed GitLab instances in an environment with limited, restricted, or intermittent access to external resources through the internet, some adjustments are required for the DAST job to |
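Review bot: In the `@@ -461,7 +461,11 @@` hunk of `proxy-based.md`, the added runner-tags history line has an unterminated inline code span: `named `on_demand_scans_runner_tags. Disabled by default.` opens a backtick before the flag name and never closes it, so the rest of that line (and possibly the next note) will render in code font. Close it after the flag name: `` named `on_demand_scans_runner_tags`. Disabled by default. ``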
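Review bot: In the `@@ -510,28 +514,26 @@` hunk the new step `1. Optional. Select the runner tags.` is the only step in the list that does not name the control the user interacts with (the neighbouring steps say `In the **Branch** dropdown list` and `Select **Select scanner profile**`), and it does not say what the tags are for. Consider naming the field and stating the effect, for example that the scan job is picked up only by runners carrying the selected tags, so the reader understands why the step matters and what happens if it is skipped.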
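Review bot: In the `@@ -675,6 +677,11 @@` hunk the second prerequisite, `The GitLab server's certificate must be trusted and must not use a self-signed certificate.`, does not say trusted by whom, and a certificate cannot "use" a certificate. Since the failure mode documented further down is the validation job being unable to build the issuer chain, state the requirement from the job's point of view, for example: `The GitLab instance's TLS certificate must chain to a CA trusted by the runner that executes the validation job; self-signed certificates are not supported.` A link from this bullet to the new `## Troubleshooting` entry would also let a reader who hits the error find the cause without scanning the whole page.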
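Review bot: In the `@@ -857,3 +864,9 @@` hunk the new troubleshooting entry says the problem `may cause the job to fail` without identifying which job, and under a top-level `## Troubleshooting` heading "the job" has no antecedent. Name it (the site profile validation job) and point the reader at where the message appears (that job's log), for example: `Self-signed certificates are not supported. The site validation job may fail and its log show the error message ...`. The heading already scopes the entry to site profile validation, so the body should match it.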